chore: introduce build.yaml

Signed-off-by: Derek Su <derek.su@suse.com>

Author: derekbit

.github/workflows/build.yaml

@@ -0,0 +1,69 @@
+name: build
+on:
+  push:
+    branches:
+    - master
+    - main
+    - v*
+    tags:
+    - v*
+  pull_request:
+  workflow_dispatch:
+jobs:
+  build:
+    name: Build binaries
+    runs-on: ubuntu-latest
+    outputs:
+      image_tag: ${{ steps.build_info.outputs.image_tag }}
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+    - id: build_info
+      name: Declare build info
+      run: |
+        image_tag=''
+
+        branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+        ref=${{ github.ref }}
+        if [[ "$ref" =~ 'refs/tags/' ]]; then
+          image_tag=${{ github.ref_name }}
+        elif [[ "$ref" =~ 'refs/heads/' ]]; then
+          image_tag="${branch}-head"
+        fi
+
+        echo "image_tag=${image_tag}" >>$GITHUB_OUTPUT
+
+    # Build binaries
+    - name: Run ci
+      run: make ci
+
+  build_push_image:
+    name: Build and push image
+    runs-on: ubuntu-latest
+    needs: build
+    if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }}
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    # For multi-platform support
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+
+    # longhornio/kbench image
+    - name: Build and publish image
+      env:
+        REPO: docker.io/longhornio
+        TAG: ${{ needs.build.outputs.image_tag }}
+        TARGET_PLATFORMS: linux/amd64,linux/arm64
+      run: make workflow-image-build-push

Makefile

@@ -1,9 +1,12 @@
+PROJECT := kbench
 MACHINE := longhorn
+DEFAULT_PLATFORMS := linux/amd64,linux/arm64
 
 .PHONY: build validate ci package clean
 
 buildx-machine:
-	@docker buildx create --name=$(MACHINE) 2>/dev/null || true
+	@docker buildx create --name=$(MACHINE) --platform=$(DEFAULT_PLATFORMS) 2>/dev/null || true
+	docker buildx inspect $(MACHINE)
 
 build: buildx-machine
 	docker buildx build --builder=$(MACHINE) --target build-artifacts --output type=local,dest=. -f Dockerfile .
@@ -14,8 +17,14 @@ validate:
 ci: buildx-machine
 	docker buildx build --builder=$(MACHINE) --target ci-artifacts --output type=local,dest=. -f Dockerfile .
 
-package: build
-	./scripts/package
+package:
+	bash scripts/package
+
+.PHONY: workflow-image-build-push workflow-image-build-push-secure
+workflow-image-build-push: buildx-machine
+	MACHINE=$(MACHINE) PUSH='true' IMAGE_NAME=$(PROJECT) bash scripts/package
+workflow-image-build-push-secure: buildx-machine
+	MACHINE=$(MACHINE) PUSH='true' IMAGE_NAME=$(PROJECT) IS_SECURE=true bash scripts/package
 
 clean:
 	rm -rf bin dist

scripts/package

@@ -3,19 +3,57 @@ set -e
 
 source $(dirname $0)/version
 
-ARCH=${ARCH:-"amd64"}
-SUFFIX=""
-[ "${ARCH}" != "amd64" ] && SUFFIX="_${ARCH}"
-
 cd $(dirname $0)/..
 
-TAG=${TAG:-${VERSION}${SUFFIX}}
-REPO=${REPO:-yasker}
+command -v buildx >/dev/null && BUILD_CMD=(buildx) || BUILD_CMD=(docker buildx)
+
+# read configurable parameters
+REPO=${REPO:-longhornio}
+IMAGE_NAME=${IMAGE_NAME:-'kbench'}
+TAG=${TAG:-${VERSION}}
+PUSH=${PUSH:-'false'}
+IS_SECURE=${IS_SECURE:-'false'}
+MACHINE=${MACHINE:-''}
+TARGET_PLATFORMS=${TARGET_PLATFORMS:-''}
+IID_FILE=${IID_FILE:-''}
+IID_FILE_FLAG=${IID_FILE_FLAG:-''}
+
+IMAGE="${REPO}/${IMAGE_NAME}:${TAG}"
+
+BUILDER_ARGS=()
+[[ ${MACHINE} ]] && BUILDER_ARGS+=('--builder' "${MACHINE}")
+
+IFS=' ' read -r -a IID_FILE_ARGS <<<"${IID_FILE_FLAG}"
+[[ -n "${IID_FILE}" && ${#IID_FILE_ARGS} == 0 ]] && IID_FILE_ARGS=('--iidfile' "${IID_FILE}")
 
-if echo $TAG | grep -q dirty; then
-    TAG=dev
+BUILDX_ARGS=()
+
+if [[ "${PUSH}" == 'true' ]]; then
+    BUILDX_ARGS+=('--push')
+else
+    BUILDX_ARGS+=('--load')
 fi
 
-IMAGE=${REPO}/kbench:${TAG}
-docker build -t ${IMAGE} -f package/Dockerfile .
-echo Built ${IMAGE}
+[[ ${IS_SECURE} == 'true' ]] && BUILDX_ARGS+=('--sbom=true' '--attest' 'type=provenance,mode=max')
+[[ ${TARGET_PLATFORMS} ]] && BUILDX_ARGS+=('--platform' "${TARGET_PLATFORMS}")
+
+# update base IMAGE to get latest changes
+grep 'FROM.*/' package/Dockerfile | awk '{print $2}' | while read -r BASE_IMAGE
+do
+    docker pull "${BASE_IMAGE}"
+done
+
+IMAGE_BUILD_CMD_ARGS=(
+    build --no-cache \
+    "${BUILDER_ARGS[@]}" \
+    "${IID_FILE_ARGS[@]}" \
+    "${BUILDX_ARGS[@]}" \
+    -t "${IMAGE}" -f package/Dockerfile .
+)
+echo "${BUILD_CMD[@]}" "${IMAGE_BUILD_CMD_ARGS[@]}"
+"${BUILD_CMD[@]}" "${IMAGE_BUILD_CMD_ARGS[@]}"
+
+echo "Built ${IMAGE}"
+
+mkdir -p ./bin
+echo "${IMAGE}" > ./bin/latest_image